We're ready for Microsoft Recall and the automatic screenshots it takes of everything on your desktop.

Signal Desktop on Windows now includes support for a new "Screen security" feature designed to block screenshots of your Signal chats.

https://signal.org/blog/signal-doesnt-recall/

By Default, Signal Doesn't Recall

Signal Desktop now includes support for a new “Screen security” setting that is designed to help prevent your own computer from capturing screenshots of your Signal chats on Windows. This setting is automatically enabled by default in Signal Desktop on Windows 11. If you’re wondering why we’re on...

Signal Messenger

@signalapp I was quite annoyed when I heard about Recall.

You guys delivered! Thank you!

@signalapp just read it.

The fact that you use a feature made to protect content corp data (DRM) as a way to protect individuals is :chefkiss:

It also highlights where the priorities of those corps are, and it is really distasteful.

@dolanor @signalapp The real solution isn't a one program fix, the real solution is to ditch Windows...

@Rastal @signalapp That is totally true.
I've been doing that for more than 20 years.

I can still applaud when companies/individuals resist whatever crap is thrown at them for shitty reasons.

@dolanor @Rastal @signalapp Yep, both of these things can be true. Some folks have to use WindBlows for whatever reasons.

Frankly, I think the Signal screen should show up as "FUCK YOU MICROSOFT" in Recall... or similar... or maybe Johnny Cash or Carrie Fisher in signature poses 🖕 ... As an option, of course.

@Rastal @dolanor @signalapp easier said than done for corp IT fleets that are heavily invested in Windows — I agree with you but switching several thousand endpoints to a different operating system is just not cost effective. Signal understands that.
@bh @Rastal @dolanor @signalapp
being sued out of existence for leaks caused by an insecure platform isn't cost-effective either.
@dimpase @Rastal @dolanor @signalapp I’m not understanding your reply. Are you suggesting organizations that heavily use Windows could possibly be sued due to Windows Recall?

@bh @Rastal @dolanor @signalapp
organisations and businesses often have to deal with classified materials, trade secrets, privacy-related issues, etc.

Forget Recall, even using the autosave feature of recent releases of Word saves stuff to OneDrive.

@dimpase @Rastal @dolanor @signalapp agreed, which is why suggesting to ‘ditch Windows’ is not very feasible for those orgs due to the lack of auditable mobile device management systems that comply with regulatory requirements.

As far as I know, Microsoft Intune is the only MDM that runs well enough on Linux that doesn’t give a sysadmin headaches, but that’s not really moving off the platform that runs Windows.

@dimpase @Rastal @dolanor @signalapp you can change the default location of where Office saves files with group policy — no way to do that with Linux so I understand how Linux doesn’t operate the same way, but my point still stands. Changing operating systems is a nightmare.

https://support.microsoft.com/en-us/topic/what-administrators-need-to-know-about-the-new-save-experience-in-office-c1f1a8a7-967b-45b3-a9df-910fbf93311f

What Administrators need to know about the new Save experience in Office - Microsoft Support

@dimpase @Rastal @dolanor @signalapp btw I used to work at NUIT so I know first hand what it’s like to force tenure faculty to do anything they don’t want to do… 😉

@bh @Rastal @dolanor @signalapp
This is BS. M$ tools are simply not fit for academia, or any place that has to interoperate with the larger non-M$ world out there. E.g. they actively prevent us from conducting an intelligent discussion via email.

E.g. Outlook is simply not capable of properly formatting in-text reply emails, and similarly email clients out there are not capable of dealing with the mess M$ creates in their HTML emails (thanks, M$, for giving birth to this pile of crap).

At one of my university employers they lost years of my Exchange-managed emails, cause even backups are not something this software renting business is capable of providing. I did have personal backups of most of them, though.

@dimpase @Rastal @dolanor @signalapp yes this is BS (that is me, my initials) and I couldn’t agree more with your sentiment to M$. I’ve hated administrating anything Microsoft owns and that is why our corporate fleet is all macOS (I work in parking now)

Also, my condolences to you and the difficult experiences you had with university IT. Lack of backups is simply unacceptable and glad you do your own. M$ Exchange is just garbage.

@bh @Rastal @dolanor @signalapp
No way?
It's trivial to set a global default location for autosave files of, say, vi, on Unix, it's in a text file in /etc, you know. M$ got to stop bragging about them being oh so sophisticated wrt to user management.

PS. group policy, shmoop policy. Universities bought into M$ cause the suits were assured they can lay off IT people, and let their functions be performed by totally IT-illiterate secretaries. Over in Oxford they never managed to configure my Teams so that I can initiate calls. The M$ system tools are overdesigned, and too complex for anyone with IQ below 120 to do anything non-trivial.

@dimpase @Rastal @dolanor @signalapp agree with your point. M$ Exchange was the only way to have securely reliable email services on premise for academia. But when the cloud ☁️ appeared, then magically the cost of support and licensing for on-prem got really expensive. The shift to “hybrid” began and IT teams were forced to learn and support new technologies and M$ didn’t keep up with quality software
@dimpase @Rastal @dolanor @signalapp but now M$ is deliberately using AI to help Israel commit genocide, so we can see where their ethics are. Fuck them https://www.theverge.com/tech/672312/microsoft-block-palestine-gaza-email
Microsoft blocks emails that contain ‘Palestine’ after employee protests

Microsoft employees are reporting that emails that mention Palestine are being blocked. Microsoft has confirmed it has made some changes to its email systems.

The Verge
@bh @Rastal @dolanor @signalapp
Before Exchange got born, people were running email servers on premises just fine, I don't see what you mean by "the only way". That is M$ propaganda.
@dimpase @Rastal @dolanor @signalapp who was managing the security of those on-prem servers?
@bh @Rastal @dolanor @signalapp
hmm, do you honestly think that this is such an impossible task, manage security of on-prem servers? I am running my own email servers for over 25 years, and I don't think I ever had a security breach.
What's so complicated about it, that only M$ on their crapOS can achieve?

@dimpase @Rastal @dolanor @signalapp it's easy to self-manage and self-host for a handful of users but IT teams need to account for scalability. In theory it seems easy, but when you’re tasked with patching ~200 servers one by one, and it takes away time from your life — you really want a centralized service that can help with those efforts and maintaining reliability and security.

What would indicate a breach of email service?

@bh @dimpase @Rastal @signalapp I don't see how patching 200 windows on premise servers is easier than 200 linux on premise servers.
I would argue the total inverse.

I'm also very sure that gmail doesn't run on windows server.

And when Hotmail, which was run on BSD, if I'm not mistaken, got bought by Microsoft and they forced the switch to Exchange servers, the migration really went bad for a while.

So I don't think I agree with your point.

@Rastal @dolanor @signalapp nope.
Because even though I have been a Linux user for the last 17 years, I'm not safe.
Because when I use Signal to communicate with relatives who still use Windows it means that, if it weren't for this Signal feature, my privacy would be breached (because my conversation would still be displayed on a Windows).

(don't get me wrong: I think it would be pretty cool if all my relatives switched from Windows to Linux. But even though I've been working on it for the last 17 years, it won't happen.
TL;DR: it's great if you ditch Windows. But that won't be enough to make you safe)

@signalapp Just use Signal on #Linux and you will not have headache caused by Microsoft.
@NewDay14 @signalapp But if your communication partner uses Windows, how is your end-to-end encryption, because everything is recorded there and made accessible to third parties in the M$ cloud?
@Dj4n90 @NewDay14 @signalapp Just cut off all your friends who don’t use Linux, duh.
@MisterMoo @NewDay14 @signalapp _MY_ friends use Arch, btw! 😎
@Dj4n90 @signalapp The e2e encryption is OS independent. If you are writing to someone who is not using the same OS as you, you should not be bothered. I have not found any information that Signal stores the messages using Microsoft's cloud.
@NewDay14 @signalapp Do you really trust that nobody but yourself has/will have access to your recall folder?
@Dj4n90 @signalapp No, but Signal will not give Recall access to your screen or I did not really understand the new feature above.
@NewDay14 @signalapp I agree with you. But that's not a realistic possibility for many, many people for a variety of reasons.
@killyourfm @NewDay14 @signalapp I guess at this point these comments aren't really about realism, but just a reminder to people that may have the ability to do the switch.
@killyourfm @NewDay14 @signalapp Honestly the true privacy option would be dropping Windows support because it's a security risk for all other users at this point. I doubt this workaround will keep anything protected long-term.
@NewDay14 @signalapp Communication takes a partner.
@signalapp and we trust Microsoft's API with this?
@0xF21D @signalapp Movie corporations trust their pocketbooks with this. Good enough for me.
@signalapp Wow, we just trust everything that the Beast of Redmond says huh? With their attention to detail and prowess when it comes to writing solid code the first time. Just gonna roll with that huh? After almost 50 years of this company's behavior? Ohhh-kay.
@signalapp of course the proper thing would be for Microsoft to like not take screenshots of your screen in the first place because that’s creepy
@evilcookies98 @signalapp It doesn't. It is off by default.
@signalapp @bart it shouldn’t exist at all. That’s taking things too far.
@signalapp still hope one day you just block screenshots on all endpoints or allow people to configure their chats as "nonscreenshottable".
@Em0nM4stodon @ph00lt0 @signalapp
trying to force other people's client to not screenshot is doomed to fail.
see this thread for the relevant discussion:
https://community.signalusers.org/t/screenshot-recording-detection-and-or-blocking/46922?u=rassilon1963
Screenshot / recording detection and/or blocking

There have been multiple requests that revolve around screenshot / recording detection and/or blocking, and while they are all slightly different, they have a significant amount of overlap and result in duplicate discussions. Due to the timespan of the threads and related discussion, rather than a confusing merge of all the posts, I am simply going to close the other topics and link them here. Any discussion relating to screenshot / recording detection and/or blocking can be continued in this...

Signal Community
@Yuvalne @Em0nM4stodon @signalapp nobody says it cannot be bypassed. But sensing a default no would eliminate a lot of issues.

@signalapp I'm glad there is a solution to this frustrating problem.

I can't help but wonder if the setting could be made stronger, like disappearing messages. Now, if I don't want my messages captured by Recall, I have to hope that others in the chat don't disable this setting on their end.

@r0k @signalapp
That's the security hole in all encryption applications: you can't control what recipients do. But that's not an encryption problem, it's an opsec problem.
@r0k @signalapp An option to reject talking to any other Signal client with Screen Security disabled would seem a logical next step.
@r0k @signalapp Recall doesn't work until you as user turn it on
@signalapp thanks for providing at least one more step of protection. A lot of people will rightly point that the issue doesn't exist on more secure hosts, but getting folks to use more secure messengers is a much easier ask than changing their OS. Allowing folks to get similar functionality as nonsecure messengers (such as desktop sync) will help in their mental math to switch. Thanks for all you do Signal team!
@signalapp as is well known, Microsoft's new "Recall" service is supposed to take screenshots of everything that happens on the screen, so also of the desktop versions of messengers such as #WhatsApp, #Telegram and the like.
#Signal has responded to this and now wants to add a new "Screen security" feature to its system that blocks screenshots of Signal chats and therefore does not send the communication to the USA, to Redmond.
Two takeaways for me:
- Microsoft should disappear from my computer for good as soon as possible; unfortunately I still use a few proprietary programs that strictly require MS Windows to function, so I can't be completely "clean" yet
- I will give up WhatsApp, Telegram and the like for the few cases in which I still use them today; mainly there is only Signal left and, within the Nextcloud user group, Talk. Matrix would be nice too, but it does not (yet) fully meet my requirements.
@cbr Out of interest and curiosity: which programs still require Windows for you?
@kontrollierterWahnwitz StarMoney in the cloud.

@cbr
An alternative would be Moneyplex or, if it should be open source

-GnuCash
-KmyMoney
-HBCI4Java (other projects are in turn based on it)
-LXBank

None of these programs needs the Windows emulator wine, which only eats memory anyway. Now the question is what the requirements are. Which programs can also run in the cloud, I can't say.

@kontrollierterWahnwitz

@kontrollierterWahnwitz Ableton Live, M365 and Adobe

Ableton Live -> https://alternativeto.net/software/ableton-live/?platform=linux

M365 -> OpenOffice, LibreOffice. They can handle all MS formats.

Adobe -> https://de.linux-console.net/?p=13133

There are more alternatives, some of them FOSS and made in the EU. All of it is two clicks away in a search engine. I use LibreOffice myself, and for editing PDFs it depends on what you want. I use PDF Arranger or LibreOffice.